Your message dated Fri, 26 Aug 2022 18:32:15 +0000 with message-id <e1ore7r-003zkh...@fasolo.debian.org> and subject line Bug#1018012: fixed in open-vm-tools 2:11.2.5-2+deb11u1 has caused the Debian Bug report #1018012, regarding open-vm-tools: CVE-2022-31676: local privilege escalation to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1018012: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018012 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: open-vm-tools Version: 2:12.0.5-2 Severity: grave Tags: security upstream fixed-upstream Justification: user security hole X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for open-vm-tools. CVE-2022-31676[0]: | VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege | escalation vulnerability. A malicious actor with local non- | administrative access to the Guest OS can escalate privileges as a | root user in the virtual machine. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2022-31676 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31676 [1] https://www.vmware.com/security/advisories/VMSA-2022-0024.html [2] https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: open-vm-tools Source-Version: 2:11.2.5-2+deb11u1 Done: Bernd Zeimetz <b...@debian.org> We believe that the bug you reported is fixed in the latest version of open-vm-tools, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1018...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Bernd Zeimetz <b...@debian.org> (supplier of updated open-vm-tools package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 24 Aug 2022 10:28:40 +0200 Source: open-vm-tools Architecture: source Version: 2:11.2.5-2+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Bernd Zeimetz <b...@debian.org> Changed-By: Bernd Zeimetz <b...@debian.org> Closes: 1018012 Changes: open-vm-tools (2:11.2.5-2+deb11u1) bullseye-security; urgency=high . * [67b16ff] Properly check authorization on incoming guestOps requests. (Closes: #1018012 CVE-2022-31676) * [747392e] gbp: build in bullseye * [80c2e62] gitlab-ci: build in bullseye Checksums-Sha1: 3fe9a360aeed938ba80b4be9c718d1461590242f 2496 open-vm-tools_11.2.5-2+deb11u1.dsc 7f857da6713934c858b3c7cac842fa9824980001 1658304 open-vm-tools_11.2.5.orig.tar.xz fb98712512615d17195d4543dd35ab8651459171 31764 open-vm-tools_11.2.5-2+deb11u1.debian.tar.xz 29a59cd57a979101a573faf63340e54fd0b22c21 10415 open-vm-tools_11.2.5-2+deb11u1_source.buildinfo Checksums-Sha256: c3d6e0171851e4941ca67bae9df774faae3195d34f428b05812ff876027c8267 2496 open-vm-tools_11.2.5-2+deb11u1.dsc cac26505a1206b8a4c6fa399e219756d18185bb17fc6fd95936916581c1c4c34 1658304 open-vm-tools_11.2.5.orig.tar.xz 0de452a3bf6398d6e99b621a7e87c5f00371c7954d35ab54c556b98fbf87e44a 31764 open-vm-tools_11.2.5-2+deb11u1.debian.tar.xz d4b6ae7a7d0d85ebb619c753d5f3bc7afc45864ab25e5858345405a295e25e5b 10415 open-vm-tools_11.2.5-2+deb11u1_source.buildinfo Files: c2d1e91add0259ae82f2bdd929f549a6 2496 admin optional open-vm-tools_11.2.5-2+deb11u1.dsc ce4b0bb8da12a016aa7ce7aac4d3eebf 1658304 admin optional open-vm-tools_11.2.5.orig.tar.xz 05bd3210cd4c8c1a26a2fba588f8fea4 31764 admin optional open-vm-tools_11.2.5-2+deb11u1.debian.tar.xz 97a8731f85c1ad993ca3d08eb7c05b12 10415 admin optional open-vm-tools_11.2.5-2+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE7KHj8o4RJDLUhd2V6zYXGm/5Q18FAmMF7WMACgkQ6zYXGm/5 Q18eBRAArqRItvGsxJVZA5NEQgOrWrMWqcGrlOebr5dZvVy9PnWeupuSh0zdt17Y Z91POgLX66+CtfuWIaCb0opU1SUeRNWfxaPnxq4PUeeb9SUkK4/h/hNL5f7GRiaM e+Feyb3hXxJH6VvIBhuMnEgAiFX23A7caEn5OrX7cgRXcmfqINWqsENbMFfYMCpq e6PlhZI4c7YnEh1t5dIqiLfUyIqw0tTfySUsjhX94V+fGS8Q+5EbHIjjPUtWPkz8 WXE3UMVp2j0omm1c6kNnKSTjfJ/Nrfd9PRsC1cnA1164o9Egvasw8qePkOPDP+91 T3KYMNBiQKSPMJDaaxyEfEtngmMcsukGsXbJFpWTLiOTnkY1+yxoiYxbupKjB12R zXW0AY8almcs9S9fb2Fn49L8qQGf/G8REVNpD/G5d9UVv2KqVnkhYMC6xzdpNoLN PlO1scMa9CVIuv7UdXuRligGbg9dGS7Ml+p2LShooFrQhW58TMHLlZm4SyySbn5v eeRbA0mqbDVHEyGMzaIFrA7+yVsCs2TpYiXMlK3vQXeo554Qyq/kfUVRH5rK69lU ngc6yfEAcbIpv/6K6aMgznbi9TRxlh2yfni8GUYuI3nHOOH9QkXS+l6v4fLtMUc5 lgpIFepHFRg5Be6CjfHnurV9h+Euj1msykePirehglx+y6Ph3VU= =C6iA -----END PGP SIGNATURE-----
--- End Message ---
